This (1) actually works on iOS and Android, and (2) will likely be
more full-featured and better-supported going forward. But it does
mean plugging one system's certificate verifier (rustls) into
another's TLS implementation (BoringSSL). Still, having *all* of
rustls used alongside BoringSSL would be redundant.
Previously this didn't compose correctly with `--duplicates` (`-d`),
but now it prunes out dependencies in proc-macros just like we already
were for non-"normal" dependencies (build and dev), allowing us to
maintain our focus on code size.
While here, prefer long forms of flags for more readable code, and
improve the comments around the dependencies we can't avoid
duplicating.
libsignal-bridge uses linkme to make a big list of all functions
it's going to expose to Node. More recent linkme versions fix
issues where that list wasn't being preserved by linkers.
This manifested as a CI failure on Windows.
Upcoming work in `attest` requires additional X509 support, and swapping these libraries
is a negligible impact on binary size. This uses a fork of `cloudflare/boring`, as
we have some additions that haven’t yet been contributed upstream.
- cargo update
- But stay on our fork of curve25519-dalek (pinned at 3.0.0)
- Update x25519-dalek from 1.0 to 1.1 (instead of 1.2) to stay
compatible with curve25519-dalek
- Update cpufeatures to 2.1 to match our dependencies
- Note that updating picky* resulted in more duplicate crates (rand*)
- Pin num-bigint-dig to a build that supports Cargo's -Zbuild-std,
because xargo + autocfg has stopped working with the new toolchain
- Remove xargo in favor of -Zbuild-std